Construction data centre claims - powering policy performance

Phenomenal demand for AI and cloud computing is generating a worldwide building boom, with global spending on data centres predicted to reach USD $7 trillion by 2030.

Across key growth markets in the US, China, Europe and Middle East, governments are actively incentivising development to power digital economies, attract foreign investment and foster innovation.  

Project costs for the most ambitious facilities could reach $100 billion, presenting a complex risk profile spanning numerous lines of insurance. Owners and operators should carefully evaluate insurance risk transfer and commercial resilience for potential losses involving property damage, natural catastrophes, theft, financial loss caused by delays in start-up or reinstatement, cyber events and public liability.

Swift expansion of pioneering technologies across proliferating sites will inevitably heighten the risks. To stress test and prepare for hypothetical loss scenarios, businesses need to understand how their insurance will respond and what variations in language could materially increase the scope of coverage, lead to critical gaps in protection, or create ambiguity and potential for disputes on policy claims. 

1. Property Damage

Computer equipment and electronic information are a data centre’s most valuable assets, and are particularly vulnerable to damage from power surges or outages, caused by external grid issues, equipment malfunctions or maintenance errors. The systems that manage heat and humidity are crucial, to maintain optimal operating temperatures and prevent system crashes, hardware damage or build-up of static electricity.

Property and business interruption policies vary significantly in the extent of coverage for damage and consequential loss resulting from public utility incidents, and insureds should carefully scrutinise policy language to ensure broad terms with adequate limits.   

Water damage is the most prevalent cause of insurable loss on construction sites. While excluded under some standard form policies, coverage is often available for specified perils such as sudden groundwater flooding, or accidental release from malfunctioning sprinkler systems. A Joint Code on Escape of Water Prevention and Management on Construction Sites was published in 2024 setting out detailed best practice, comparable to the Joint Fire Code. The wording of any policy endorsements incorporating these codes to the terms of coverage or mandating strict compliance requires close attention.

Temporary roofing systems are critically important to avoid damage to contract works from inclement weather, such as the c.£100million claims against Riverstone Managing Agency Ltd and others resulting from rainfall damage to the 16,000 metres2 timber roof of Sky’s global headquarters in London. Helpfully for the insured, the Court of Appeal held that costs of deterioration and development damage occurring after expiry of the policy period can be recoverable as part of the indemnity, together with investigation costs reasonably incurred to determine how to remediate damage. 

Stakeholders should ensure that project policies align with underlying contract terms on indemnities and insuring responsibilities. In the absence of express building contract provision that specified parties will benefit from project policy coverage during the maintenance or defects notification period, contractors are potentially exposed to subrogated recoveries from insurers for damage occurring after practical completion. Navigating risk transfer on projects involving existing structures is particularly complex under JCT contracts, requiring bespoke solutions due to difficulties in securing joint names cover as contemplated in the default 6.7C insuring clause.

2. Security Conditions

Data centres may be attractive targets for theft and policies will usually require the insured to comply with security conditions and take reasonable precautions to prevent loss or damage to insured property. To establish breach of a reasonable precautions condition, insurers must show that the insured acted intentionally or recklessly, i.e. proceeding with a risky course of action with awareness of the danger - as opposed to mere negligence.

Policyholders should avoid any terms imposing conditions precedent to the insurance coverage, i.e. requiring them to take certain actions in a specified manner as a prerequisite to payment of claims or continuation of the policy. These provisions can be harsh in effect, allowing insurers to avoid liability regardless of whether any prejudice has been suffered due to a breach.     

Representations made to insurers prior to inception and renewals must be accurate, including information on access restrictions, alarms or surveillance systems. The Insurance Act 2015 imposes a duty of fair presentation, requiring disclosure of all material circumstances known to the insured (excluding matters the insurer ought to know, or as to which information has been waived), to avoid potential (i) proportionate reduction to the claim, if a higher premium would have been charged; or (ii) cancellation of the policy and return of the premium (if insurance would not have been offered at all, had the relevant information been disclosed).

With specialist advice insureds can secure policy wordings free of conditions precedent and containing non-invalidation provisions to vary Insurance Act remedies, preventing insurers from reducing claims for innocent non-disclosure.       

3. Liability Claims

Data centres have significant environmental impacts, through huge consumption of energy and water (for cooling systems), on large areas of land previously used in some cases for agricultural purposes.

While many tech companies have net zero pledges and invest in renewables, 24/7 supply is difficult without advanced storage systems or reliable baseload input from alternative power such as nuclear or natural gas. Back-up generators often rely on fossil fuels, contributing to hazardous emissions and greenhouse gases. Data centre operations also cause noise disturbance, through constant operation of power sources, servers and fans.

These factors are creating conflicts with surrounding communities and contributing to an increase in liability claims against data centres, alleging nuisance and environmental harms. To limit potential exposures, data centres should implement robust risk management systems, ensuring adherence to all applicable local regulations and industry standards. Policy language on exclusions for pollution or contamination, and aggregation of loss, are often pivotal in determination of general liability claims.  

4. Cyber

Cyber insurance and technology E&O policies typically protect against a range of losses arising from data breaches, or disclosure of confidential information processed for customers. Policy limits should be commensurate with the scale and sensitivity of non-public data handled at the relevant location.

Contentious issues arise as to whether loss of data or impairment of data systems constitutes physical damage, sufficient to trigger a property policy. Concerns over unintended ‘silent cyber’ exposure prompted a Lloyd’s directive in January 2020, requiring policies explicitly to affirm or exclude coverage for cyber events. Cyber insurance was originally intended to address purely digital losses from data breach, network outage or ransomware but the traditional distinction with physical loss is becoming more nuanced.

Through evolving technology and converging infrastructure risks, cyber intrusion giving rise to tangible property damage is becoming more frequent, for example through industrial controls or building management systems. This adds to complexity of claims assessment and forensic investigations. Identifying and pursuing parties responsible for a cyber-attack is far more difficult than in standard property or construction claims. A single incident could trigger indemnity under several policies, requiring co-ordination across insurers, subject to hierarchy provisions.

Lloyd’s has warned that a major cyber-attack on key industries could cause economic losses comparable to natural catastrophes, potentially cascading across multiple sectors and costing hundreds of billions of pounds. A newly announced Cyber Security and Resilience Bill recognises data centres as critical national infrastructure, essential to the UK economy, with increased regulation, strict reporting requirements, and sanctions for companies failing to provide adequate cyber security.

The market opportunity is substantial for investors, developers, contractors, and insurers with capacity and underwriting expertise, to support this essential and rapidly growing sector.